Consult Hyperion assists European agency with guidelines on how to improve management of multiple electronic identities
New report for European Network and Information Security Agency will help EU institutions and Member States decide eID policies
Consult Hyperion, the independent consultancy which specialises in the field of secure transactions in contactless smart cards and mobile devices, today reveals details of a report it has written for ENISA (the European Network and Information Security Agency, working for the EU Institutions and Member States) about the management of multiple electronic identities (eIDs).
For approximately the past ten years European Member States and EEA countries have been implementing electronic identity management (eIDM) systems based on their national requirements, which have included improving administrative efficiency, improving accessibility and user-friendliness, and reducing costs. These requirements can be enhanced at the European level by improving the interoperability of electronic identification/authentication systems currently operated at the national level.
The increasingly digital nature of relationships between people is central to dealing with the issues of managing multiple identities. It is not a question simply of hardware or software, but more importantly of enabling people to enjoy and benefit from online experiences, while dealing with potential issues. These issues might include a lack of knowledge or training, difficult personal circumstances or simply irritation at the diversity and unpredictability of online privacy and identity mechanisms. It is therefore vital that we should have strong, reliable mechanisms, which can be easily understood and relied upon across the course of a lifetime.
“This is a very ambitious aim, but one which is potentially well supported by the range of technologies developing in this area. Privacy enhancing technologies have a major role to play.” said John Elliott, Consult Hyperion’s Public Sector Practice head, and one of the authors of the report. “Equally, simple good sense, such as using appropriate strength of authentication and not keeping credentials beyond their useful lifespan are important considerations. The adoption of open standards, with the flexibility this implies, also has a significant part to play.”
There is considerable scope for policy to assist by supporting and protecting people in their online experience. Problematic activities such as data mining and other identity-related attacks deserve close scrutiny. There are still questions to be resolved around the legal implications of ownership and also revocation of identities online. In such a fast-moving and interconnected area, it is likely that these and other issues will require the ongoing attention of policy makers in the coming years.
As experiences and expectations develop further, it is vital that the potential for successful management of multiple digital identities is not stifled by expectations based on traditional paper-based identity documentation. We should not aim to replicate offline processes, but rather to improve on them. We have excellent technologies at our disposal, which can provide a greatly enhanced level of user experience, choice, and privacy protection.
In order to create an identity infrastructure which will serve us well into the future, it is essential that policymakers should be fully aware of the opportunity that this presents. It must be managed well, with appropriate recognition of the needs of individual users and well chosen technologies. A well-designed infrastructure, with due flexibility and privacy built in, has the potential to deliver substantial social and commercial benefits.
The ENISA report is expected to be published in April 2011 and will have three main sections:
1. Electronic identity key concepts
2. Methods of management of multiple electronic identities
3. Guidelines and best practice
A paper on the results of this work was presented at the European Identity Interoperability Conference: “Bridging the Identity Divide” organised by eema in Leuven in March.
About Consult Hyperion
Consult Hyperion is an independent information technology consultancy that has spent over two decades advising leading organisations around the world. Consult Hyperion helps these organisations to reap real benefits from technological change in the field of secure electronic transactions ranging from retail payments to automated public services, and from transport ticketing to mobile banking.
Consult Hyperion is uniquely qualified to advise on turning great business ideas into working systems that can help customers to evaluate new business concepts, develop new products and services from specification to customer roll-out, and to certify complex systems responsible for handling people’s money.
The four main sectors the company operates in, worldwide, are; financial services, including card schemes, banks, retailers and others; telecommunications and media; and the public sector, including central governments and transportation authorities.
Andrew Ball / Chaz Brooks
Tel: +44 (0)1483 537 890
Tel: +44 (0)1483 301793
Operative networks contribute to the smooth functioning of the Internal Market, and concretely effects the daily lives of the citizens and business alike, using broadband, online banking, ecommerce, and mobile phones.
Therefore, the Agency’s Mission is essential to achieve a high and effective level of Network and Information Security within the European Union. Together with the EU-institutions and the Member States, ENISA seeks to develop a culture of Network and Information Security for the benefit of citizens, consumers, business and public sector organisations in the European Union.
ENISA is helping the European Commission, the Member States and the business community to address, respond and especially to prevent Network and Information Security problems.
ENISA is as a body of expertise, set up by the EU to carry out very specific technical, scientific tasks in the field of Information Security, working as a “European Community Agency“.
The Agency also assists the European Commission in the technical preparatory work for updating and developing Community legislation in the field of Network and Information Security.